Penetration Tester for Teleoperation Software

We are looking for a penetration test and report. About us: Adamo provides teleoperation software to robotics companies, allowing operators to remotely control robots. We are seeking a penetration test of our web application, with a report delivered as soon as possible. Application purpose: Browser-based platform for operators to remotely control robots, plus organisation/account management. Scope: Pages: 5 pages in a logged-in state. User types: Operator, Admin, Owner, Developer. Admin, Owner and Developer accounts currently share the same permission set; Operator is restricted (e.g. cannot invite additional users). All roles in scope. Authentication: Frontend uses OAuth via Google Login; API access via API key. Both in scope, including testing for authentication and authorization weaknesses (broken access control, privilege escalation, endpoint authorization). API: No formally documented API, but endpoints are exercised by the application and via API key. We can provide engineering support to map endpoints. Database: PostgreSQL. Real-time streaming: Our routers handle robot control streams; we want authentication enforcement on these streams validated as part of testing. Live robot: We will have a robot running in our office for the engagement and can schedule a specific window for testing the live-control functionality. Access we will provide: Sign-up link, an invitation to the Adamo organisation (with a live robot), and test logins covering the relevant roles. What we need from you: A fixed quote and estimated turnaround for the report. Confirmation of retest policy (we'd like remediation retesting included, ideally on a rolling basis). Earliest available start date — turnaround on the report is our priority. A sample/redacted report so we can assess deliverable quality. Apply tot his job Apply To this Job